Critical Chrome Gemini Vulnerability Exposes Users to Remote Surveillance and Data Theft
A significant security flaw has been identified in Google Chrome’s integrated Gemini AI assistant, potentially allowing attackers to remotely access users’ cameras and microphones, steal local files, and execute phishing attacks—all without any user interaction beyond opening the browser’s AI panel.
Discovery and Disclosure
Designated as CVE-2026-0628, this high-severity vulnerability was discovered by researchers at Palo Alto Networks’ Unit 42. The issue was responsibly disclosed to Google on October 23, 2025, and a patch was released on January 5, 2026, prior to public disclosure.
The Role of AI Assistants in Modern Browsers
The Gemini AI assistant in Chrome is part of a new wave of AI browsers that embed artificial intelligence directly into the browsing experience. Similar integrations include Microsoft’s Copilot in Edge and standalone products like Atlas and Comet. These AI assistants offer features such as real-time webpage summarization, task automation, and contextual browsing assistance.
To provide these functionalities, AI panels like Gemini require a comprehensive view of the user’s screen, necessitating elevated permissions. In Chrome, this means granting the Gemini panel access to the camera, microphone, local files, and the ability to capture screenshots. While these permissions enable powerful features, they also significantly expand the browser’s attack surface.
Technical Details of the Vulnerability
The vulnerability was rooted in Chrome’s handling of the `declarativeNetRequest` API, a standard browser extension permission that allows extensions to intercept and modify HTTPS web requests and responses. This API is commonly used for legitimate purposes, such as ad-blocking.
Researchers discovered a critical inconsistency in how Chrome processed requests to `hxxps[:]//gemini.google[.]com/app`. When this URL was loaded in a regular browser tab, extensions could intercept and inject JavaScript into it without gaining special privileges. However, when the same URL was loaded within the Gemini browser panel, Chrome granted it elevated, browser-level capabilities.
Exploiting this inconsistency, a malicious extension with only basic permissions could inject arbitrary JavaScript code into the privileged Gemini panel. This effectively allowed attackers to hijack a trusted browser component and inherit all of its elevated access.
Potential Exploits and Impacts
Once an attacker gained control of the Gemini panel through this technique, they could perform several actions without any further user interaction:
– Camera and Microphone Activation: Enable silent surveillance without the user’s consent.
– Screenshot Capture: Exfiltrate sensitive on-screen data.
– Local File and Directory Access: Steal operating system-level files.
– Phishing via Trusted Panel: Conduct high-credibility deception attacks by displaying malicious content within the trusted Gemini panel.
The phishing risk is particularly concerning because the Gemini panel is an integrated, trusted component of the browser. Malicious content displayed within it carries an inherent legitimacy that standalone phishing pages lack.
The Growing Threat of Malicious Extensions
Historically, extension-based attacks were considered lower-risk due to the challenges involved in getting a malicious extension installed. However, the integration of privileged AI panels like Gemini changes this dynamic.
The number of malicious extensions deployed to browser web stores has grown significantly in recent years. Many are removed quickly, but not before reaching thousands of users. Additionally, legitimate extensions have been hijacked or sold to threat actors who then push malicious updates to already-installed endpoints, turning trusted tools into silent weapons.
In enterprise environments, a compromised extension gaining access to employees’ cameras, microphones, and local files represents a serious organizational security risk, with potential for corporate espionage and data exfiltration.
Mitigation and User Recommendations
Google addressed this vulnerability by releasing a fix on January 5, 2026, following responsible disclosure. Users are strongly advised to ensure their Chrome browsers are updated to the latest version to protect against potential exploitation.
To update Chrome:
1. Open Chrome.
2. Click on the three-dot menu in the top-right corner.
3. Navigate to Help > About Google Chrome.
4. Chrome will automatically check for and install any available updates.
5. Restart the browser to complete the update process.
Additionally, users should exercise caution when installing browser extensions, only adding those from trusted sources, and regularly reviewing and managing installed extensions to minimize security risks.
Conclusion
The discovery of CVE-2026-0628 underscores the complex security challenges introduced by integrating advanced AI assistants into web browsers. While these features offer enhanced functionality and user experience, they also introduce new vectors for potential exploitation. Continuous vigilance, prompt software updates, and cautious extension management are essential practices for maintaining online security in the evolving digital landscape.
